4294967295 is -1. That means the previous API in the code returned -1, which was passed to setgid. So instead of getting the group permissions and ownerships correct, you may want to see the group name itself. Probably that was wrong.
JB

On 8/10/05, Jorey Bump <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > Trying to set up ssl for an intranet. There is no FQDN, just an IP address.
> >
> > Is this possible?
>
> Yes. The only important thing is that the hostname used by clients to
> find your machine must match the Common Name in the certificate. So, if
> your other machines use https://intranet.localdomain/ to view web pages,
> the Common Name must be intranet.localdomain. The server itself doesn't
> even need to know it's being called intranet.localdomain (unless you're
> using name-based virtual hosts).
>
> > I've created the certificate keys as X.X.X.X.key
> > instead of www.example.com.key
>
> The name of the key doesn't matter, it's just used in path
> specifications (and of course, sometimes the OS gives the extension
> special meaning)
>
> > I'm able to run the startssl command (see below)
> > It asks for the pass phrase, and says it logs in, but the
> > error log (list below too), shows some problems which
> > I don't understand.
> >
> > Any ideas?
>
> It looks like an apache configuration problem.
>
> > this is the log file after running:
> >
> > nycupa4:/usr/local/bin >sudo /usr/local/apache2/bin/apachectl startssl
> > Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server 192.33.175.160:443 (RSA)
> > Enter pass phrase:
> >
> > Ok: Pass Phrase Dialog successful.
>
> This isn't robust. Strip the passphrase from your key, and make it
> readable by root only.
>
> > log file below - it shows Child 19200 returned a Fatal error
> > is there
> >
> > 207361 [Wed Aug 10 09:07:58 2005] [notice] Digest: generating secret for
> > digest authentication ...
> > 207362 [Wed Aug 10 09:07:58 2005] [notice] Digest: done
> > 207363 [Wed Aug 10 09:08:00 2005] [warn] pid file /var/run/httpd.pid
> > overwritten -- Unclean shutdown of previous Apache run?
> > 207364 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid:
> > unable to set group id to Group 4294967295
> > 207365 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid:
> > unable to set group id to Group 4294967295
> > 207366 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid:
> > unable to set group id to Group 4294967295
> > 207367 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid:
> > unable to set group id to Group 4294967295
> > 207368 [Wed Aug 10 09:08:00 2005] [notice] Apache/2.0.54 (Unix)
> > mod_ssl/2.0.54 OpenSSL/0.9.7d DAV/2 configured -- resuming normal operations
> > 207369 [Wed Aug 10 09:08:00 2005] [alert] Child 19200 returned a Fatal
> > error... Apache is exiting!
> > 207370 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid:
> > unable to set group id to Group 4294967295
> >
> > Is there a way to see which process might be Child 19200?
>
> Not likely to matter.
>
> > also looking into (22)Invalid argument: setgid: unable to set group id to
> > Group 4294967295
>
> This is your real problem. Check your Group setting in your apache
> configuration. You probably just need to get your permissions and
> ownerships correct.
>
> > also the following command
> >
> > openssl s_client -connect 193.44.23.34:443 -debug
> >
> > returns
> >
> > Connection Refused
> > Err= 146
> >
> > Any ideas?
>
> Can't work if apache's not running. ;)
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
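
An added example, not part of the original thread: a shell check for the failure in the log above, where the `Group` setting in the Apache configuration ends up as (gid_t)-1 = 4294967295. It assumes local groups in /etc/group and Apache's `#N` numeric-gid syntax; the function name `check_apache_group` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# check_apache_group CONF [GROUPFILE]
# Resolves the Group directive of an Apache config file the way the
# thread's error suggests it went wrong, and prints a one-line verdict.
# Assumption: groups live in GROUPFILE (default /etc/group, no NIS/LDAP).
check_apache_group() {
    conf=$1
    groupfile=${2:-/etc/group}
    # Last uncommented Group directive wins; directive names are case-insensitive.
    value=$(awk 'tolower($1) == "group" { v = $2 } END { print v }' "$conf")
    if [ -z "$value" ]; then
        echo "MISSING: no Group directive in $conf"
        return 1
    fi
    case $value in
        \#*)  # "#N" form: a numeric gid rather than a group name
            gid=${value#\#}
            case $gid in
                -1|4294967295)
                    echo "BAD: Group $value is (gid_t)-1 = 4294967295; setgid() rejects it"
                    return 1 ;;
                ''|*[!0-9]*)
                    echo "BAD: Group $value is not a valid numeric gid"
                    return 1 ;;
            esac
            ;;
        *)    # group name: must exist, otherwise the lookup yields no gid
            gid=$(awk -F: -v g="$value" '$1 == g { print $3; exit }' "$groupfile")
            if [ -z "$gid" ]; then
                echo "BAD: group '$value' not found in $groupfile"
                return 1
            fi
            ;;
    esac
    echo "OK: Group $value resolves to gid $gid"
}

# Constructed sample config (not from the thread) exercising the failing case.
demo=$(mktemp)
printf 'User nobody\nGroup #-1\n' > "$demo"
check_apache_group "$demo" || true
rm -f "$demo"
```

Run it against the real configuration with `check_apache_group /usr/local/apache2/conf/httpd.conf`, adjusting the path to wherever the running server reads its config.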